mod_ssl: Add no_crl_for_cert_ok flag to SSLCARevocationCheck directive

to opt-in previous behaviour (2.2) with CRLs verification when checking certificate(s) with no corresponding CRL. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1734561 13f79535-47bb-0310-9956-ffa450edef68
2025-08-07 04:02:58 +03:00 · 2016-03-11 13:51:17 +00:00
parent cdfb2f5fd6
commit bafafe600b
7 changed files with 100 additions and 21 deletions
--- a/modules/ssl/mod_ssl.c
+++ b/modules/ssl/mod_ssl.c
@@ -124,7 +124,7 @@ static const command_rec ssl_config_cmds[] = {
    SSL_CMD_SRV(CARevocationFile, TAKE1,
                "SSL CA Certificate Revocation List (CRL) file "
                "('/path/to/file' - PEM encoded)")
-    SSL_CMD_SRV(CARevocationCheck, TAKE1,
+    SSL_CMD_SRV(CARevocationCheck, RAW_ARGS,
                "SSL CA Certificate Revocation List (CRL) checking mode")
    SSL_CMD_ALL(VerifyClient, TAKE1,
                "SSL Client verify type "
@@ -202,7 +202,7 @@ static const command_rec ssl_config_cmds[] = {
    SSL_CMD_SRV(ProxyCARevocationFile, TAKE1,
                "SSL Proxy: CA Certificate Revocation List (CRL) file "
                "('/path/to/file' - PEM encoded)")
-    SSL_CMD_SRV(ProxyCARevocationCheck, TAKE1,
+    SSL_CMD_SRV(ProxyCARevocationCheck, RAW_ARGS,
                "SSL Proxy: CA Certificate Revocation List (CRL) checking mode")
    SSL_CMD_SRV(ProxyMachineCertificateFile, TAKE1,
               "SSL Proxy: file containing client certificates "